Network Controller is a new feature which will be available with Windows Server 2016. This feature enables to manage centrally the virtual and the physical network infrastructure to automate the management, configuration monitoring and troubleshooting. After a quick overview about network controller, I’ll explain how to deploy network controller and how to connect it to Virtual Machine Manager.
Network Controller overview
The information and schemas of this section come from here.
Network Controller is a Windows Server 2016 server role which is highly available and scalable. This feature comes with two API:
- The Southbound API enables to discover devices, detect services configuration and gather network information
- The Northbound API enables to configure, monitor, troubleshoot and deploy new devices (by REST endpoint or a management application as VMM)
Network Controller is able to manage the following network devices or features :
- Hyper-V VMs and virtual switches
- Physical network switches
- Physical network routers
- Firewall software
- VPN gateways (including RRaS)
- Load Balancers
For more information about Network Controller features you can read this topic (section network controller features)
Deploy Network Controller
Requirements
- A server (VM or not) running on Windows Server 2016 Technical Preview 3 Datacenter;
- A valid certificate for this server (Server Authentication);
Create Security groups
First, two security groups are required:
- The first give permissions to configure Network Controller (GG-NetControllerAdmin);
- The second enables to configure and manage the network by using the network controller (by using REST) (GG-NetControllerRESTAdmin)
Install Network controller feature
To install network controller features, run the following commands:
Install-WindowsFeature -Name NetworkController –IncludeManagementTools Install-WindowsFeature -Name Windows-Fabric –IncludeManagementTools Restart-Computer
Once the computer has rebooted, you can open the Server Manager and check if Network Controller is present:
Configure Network Controller
To understand commands and parameters, I recommend you to read this topic.
Currently in Technical Preview 3, the network controller role doesn’t support multi-node cluster. This is why in the following configuration, only one node will be added to the cluster. First I create a node object by using New-NetworkControllerNodeObject cmdlet.
Next I configure the network controller cluster by using the Install-NetworkControllerCluster cmdlet. I specify the node object, an authentication method and the security group that will be able to manage the network controller.
Then I configure network controller by using Install-NetworkController cmdlet. I specify also the node object, the authentication method for the clients and the security group that will be able to configure and manage network from Network Controller (by using REST).
To finish, I verify if my network controller is well configured, run the following commands:
Now that network controller is set and we can connect it to Virtual Machine Manager.
Add network controller to Virtual Machine Manager
To add Network Controller to VMM, you need VMM technical Preview 3.
Open the VMM console and navigate to Fabric. Right click on Network Services and select Add Network Service. Then specify the network service name.
Next select Microsoft as Manufacturer and Microsoft Network Controller as Model.
Then select your RunAs account.
Next specify ServerURL= and the REST Endpoint address. When Network Controller will support multi-node cluster, the SouthBound API address parameter will be mandatory.
Then select the certificate and check the box to specify that certificates have been reviewed.
Next, run Scan provider and verify that information can be gathered as below.
Next select host groups for which the network controller will be available.
When the network controller is added successfully, it should be listed in network services as below.
Great article — there’s a definite gap in network appliance management from the MS Suite and I’m glad to see them making in-roads to address that!
Thanks for the direction to deploying the network controller. But I cant seem to get the Network Controller to configure if I use Kerberos auth, only when I set it to none the cluster will create which I think is causing more issues when I try to deploy and SDN switch to my TP3 Hyper-V host. The PKI you used, how did you generate the certificate? is it SHA1?
Hi Tim,
I have made an enrollment from a Microsoft PKI. I have created a template from the WebServer template. I didn’t pay attention for the thumbprint algorithm sorry.
hello,
is this a standalone network controller ? is yes, do you have a production network controller which require 3 VM and 3 Host ?
Hi,
You can deploy Network Controller in standalone for lab purpose. For production, you have to deploy three nodes on three Hosts.
will it be so much different in term of deploying the production and standalone network controller? do you know any guide that i can refer too for deploying production network controller ?
Hello,
What’s new name of Windows-fabric in the last version of 2016 ?
Tanks
Bonjour,
quelle est le nouveau nom de Windows-fabric dans la dernière version de 2016 ?
Merci
hi Romain, thanks for the post!
I’m having trouble with adding Network Controller to VMM, it gives the following error:
Error (21426)
Execution of :: on the configuration provider failed. Detailed exception: Unable to connect to the network service. Check connection string and network connectivity. Execution of Microsoft.SystemCenter.NetworkService::OpenDeviceConnectionEx on the configuration provider 3e2875a7-5831-4fb2-b388-1672e1c20fee failed. Detailed exception: Microsoft.VirtualManager.NCRestApiWrappers.NCRestApiWrappersException
Check the documentation for the configuration provider or contact the publisher support.
Unable to connect to the network service. Check connection string and network connectivity.
If I understand correctly, strating with Win2016, you can’t simply deploy RAS Gateway and add it to VMM, it should be managed via Network Controller (it worked in 2012R2 environment)?